1VOMS-PROXY-INIT(1)                                          VOMS-PROXY-INIT(1)
2
3
4

NAME

6       voms-proxy-init - create a proxy with VOMS extensions
7

SYNOPSIS

9       voms-proxy-init [options]
10
11

DESCRIPTION

13       The voms-proxy-init generates a proxy with the VOMS information includ‐
14       ed in a non critical extension.
15
16

OPTIONS

18       Options may be specified indifferently with either a "-" or  "--"  pre‐
19       fix.  The options from -help to -out are present for compatibility with
20       grid-proxy-init, and have the exact same meaning. The  meaning  of  the
21       other ones is the following.
22
23
24       -help
25
26
27       -usage Displays usage
28
29
30       -version
31
32
33       Displays version
34
35
36       -debug Enables extra debug output
37
38
39       -quiet
40
41
42       -q Quiet mode, minimal output
43
44
45       -verify Verifies proxy
46
47
48       -pwstdin Allows passphrase from stdin
49
50
51       -limited Creates a limited proxy
52
53
54       -hours  H Proxy is valid for H hours (default:12) This option is depre‐
55       cated and is only present for compatibility with grid-proxy-init, since
56       this  option  does  not set the validity of the credentials returned by
57       VOMS. Use -valid instead.
58
59
60       -vomslife  H Tries to get a pseudo cert with information  valid  for  H
61       hours.  The  default is "as long as the proxy certificate". The special
62       value 0 means as long as the server will allow. This option  is  depre‐
63       cated,  since  it does not set the validity of the generated proxy. Use
64       -valid instead.
65
66
67       -valid  HH:MM This option attempts to set the  validity  for  both  the
68       proxy  and  the credentials returned by the VOMS server. The latter va‐
69       lidity may however be shortened due to server policy. This option obso‐
70       letes  both  -hours  and -vomslife, and should be used in preference to
71       both
72
73
74       -bits  B Number of bits in key {0|512|1024|2048|4096}. 0 is  a  special
75       value which means: same number of bits as in the issuing certificate.
76
77
78       -cert  certfile Non-standard location of user certificate
79
80
81       -key  keyfile Non-standard location of user key
82
83
84       -certdir   certdir Non standard location where the trusted CAs certifi‐
85       cates are kept.
86
87
88       -out  proxyfile Location of new proxy cert
89
90
91       -voms  voms[:command] Specifies the VOMS server to  contact  using  the
92       nickname voms. It also allows to send a specific command to the server.
93       The default command is :all, and it gets all group membership  informa‐
94       tion.  Other  commands  are  :/Role=rolename  which grants the rolename
95       VO-wide role if the server allows it, and  :/group/Role=rolename  which
96       grants  the  role  rolename only in the group /group, again only if the
97       server allows it.
98
99
100       Example : voms-proxy-init --voms myVO:/myVO/Role=VO-Admin
101
102
103       -order  fqan Specified fqans, if present, are put on top of the list of
104       attributes returned by the server in the order in which they are passed
105       (using more -order call). The order of the others is not specified.  If
106       some  of the fqans are not returned no warning is given. Capability se‐
107       lection is not supported.
108
109
110       -include  file Includes file in the certificate (in a non critical  ex‐
111       tension)
112
113
114       -conf  file Read options from file.
115
116
117       -confile  file
118
119
120       -userconf  file
121
122
123       -vomses   file  Specifies the name of a configuration file from which a
124       list of nicknames is read. The format of the  file  is  the  following:
125       nick  host  port  subject  vo where nick is the nickname, host and port
126       are the hostname and port of the server to contact, subject is the sub‐
127       ject  of  the server's certificate, while vo is the name of the VO that
128       owns  the  server.  The   default   filenames   are   /etc/vomses   and
129       $HOME/.voms/vomses.
130
131
132       Moreover,  permissions must be 644 if a file is specified, and 755 if a
133       directory is specified
134
135
136       The three options are synonyms. -confile and -userconf are  deprecated.
137       -vomses should be used instead.
138
139
140       -policy The file containing the policy expression.
141
142
143       -policy-language pl
144
145
146       -pl pl The language in which the policy is expressed. Default is IMPER‐
147       SONATION_PROXY.
148
149
150       -path-length Maximum depth of proxy certfificate  that  can  be  signed
151       from this.
152
153
154       -globus  version Underlying Globus version. This will influence the de‐
155       fault value of the -proxyver.
156
157
158       -proxyver Version of the proxy certificate to create. May be 2, 3 or 4.
159       Default value is decided upon underlying globus version.
160
161
162       -rfc  This  option  is  a  synonym  of  -proxyver  4 and it generates a
163       RFC-compliant proxy.
164
165
166       -old This option is a synonym of -proxyver 2 and it generates a  legacy
167       proxy.
168
169
170       -target   hostname  This  option targets the generated AC to a specific
171       host. This option may be specified multiple times to allow for multiple
172       hosts.
173
174
175       -timeout   seconds  This option allows to specify the maximum number of
176       seconds that voms-proxy-init will wait while trying to establish a con‐
177       nection with the server. Its default value is -1 (unlimited).
178
179
180       -noregen  Use  existing proxy to contact the server and to sing the new
181       proxy.
182
183
184       -separate  file Saves the voms credential on file file.
185
186
187       -ignorewarn Ignore all warnings. They are not shown to the user.
188
189
190       -failonwarn Warnings become failures. The program will  translates  all
191       warnings into errors and will react accordingly, by returning a failure
192       itself.
193
194
195       -list Instead of producing an attribute certificate,  this  optin  will
196       print on screen a list of all attributes available to the user.
197
198
199       -includeac  file Adds the VOMS AC in file to the proxy.
200
201

BUGS

203       EGEE Bug Tracking Tool: https://savannah.cern.ch/projects/jra1mdw/
204
205

SEE ALSO

207       voms-proxy-info(1), voms-proxy-destroy(1)
208
209
210       EDT Auth Home page: http://grid-auth.infn.it
211
212
213       CVSweb: http://datagrid.in2p3.fr/cgi-bin/cvsweb.cgi/Auth/voms
214
215
216       RPM       repository:       http://datagrid.in2p3.fr/distribution/auto‐
217       build/i386-rh7.3
218
219

AUTHORS

221       Vincenzo Ciaschini <Vincenzo.Ciaschini@cnaf.infn.it>.
222
223
224       Valerio Venturi <Valerio.Venturi@cnaf.infn.it>.
225
226

COPYRIGHT

228       Copyright (c) Members of the EGEE Collaboration. 2004. See the  benefi‐
229       ciaries list for details on the copyright holders.
230
231
232       Licensed under the Apache License, Version 2.0 (the "License"); you may
233       not use this file except in compliance with the License. You may obtain
234       a copy of the License at
235
236
237       www.apache.org/licenses/LICENSE-2.0: http://www.apache.org/licenses/LI‐
238       CENSE-2.0
239
240
241       Unless required by applicable law or agreed  to  in  writing,  software
242       distributed under the License is distributed on an "AS IS" BASIS, WITH‐
243       OUT WARRANTIES OR CONDITIONS OF ANY KIND, either  express  or  implied.
244       See  the  License  for  the specific language governing permissions and
245       limitations under the License.
246
247
248
249
250                                                            VOMS-PROXY-INIT(1)